Top

table of contents

Archive's Table of Contents Page
Chapter 1: Server Setup and Configuration
Chapter 2: A Fast Introduction to Basic Servlet Programming
Chapter 3: A Fast Introduction to Basic JSP Programming
Chapter 4: Using and Deploying Web Applications
Chapter 5: Controlling Web Application Behavior with web.xml
Chapter 6: A Sample Web Application: An Online Boat Shop
Chapter 7: Declarative Security
Chapter 8: Programmatic Security
Chapter 9: Servlet and JSP Filters
Chapter 10: The Application Events Framework
Chapter 11: New Tag Library Features in JSP 1.2
Chapter 12: The JSP Standard Tag Library

Source Code Archive

More Servlets and JavaServer Pages

Chapter 7: Declarative Security

To view source code for other chapters in this book, mouse over the table of contents bar on the left.

Source Code from Chapter

Note: right-click or shift-click on the links to download the associated file.

Form-based authentication: the hotdotcom application

• tomcat-users.xml. Tomcat-specific password file.
• users.properties. JRun-specific password file.
• web.xml. Deployment descriptor for the hotdotcom application.
• index.jsp. Top-level home page for the hotdotcom application.
• company-styles.css. Style sheet used by almost all JSP pages in the hotdotcom application.
• The admin directory:
  • login.jsp. A login page that follows the standard format: a form with an ACTION of j_security_check, a textfield named j_username, and a password field named j_password.
  • login-error.jsp. Page used to report failed login attempts.
  • delete-account.jsp. Page that is accessible only to users in the administrator role.
  • confirm-deletion.jsp. Page to confirm the deletion of accounts.
• The investing directory:
  • index.html. Top-level home page. Available only to authenticated users in the registered-user role.
  • account-status.jsp. Page that shows summarized information on a client's account. Available only to authenticated users in the registered-user role.
  • sucker.jsp. Page that confirms a stock purchase. Since the FinalizePurchase servlet uses a RequestDispatcher to invoke this page, no page-specific security settings apply.
• The ssl directory:
  • buy-stock.jsp. Page used to order stock. Available only with SSL (https) connections.
  • StockInfo.java. Bean used by buy-stock.jsp (not actually in the ssl directory).
  • FinalizePurchaseServlet.java. Servlet that reads credit card information, performs a stock purchase, and displays confirmation page. The servlet is not actually stored in the ssl directory, but the web.xml file assigns the servlet a custom URL that makes it appear that the servlet is in that directory. Available only with SSL (https) connections.
• The business directory
  • index.html. Top-level home page. Available to all users: no security settings apply.
• The history directory
  • index.html. Top-level home page. Available to all users: no security settings apply.
• RedirectorServlet.java. Servlet that simply redirects users to the Web application home page. Registered with the default servlet URL to prevent access to servlets through URLs that have no security settings.
• hotdotcom.war. The entire hotdotcom application bundled in a WAR (Web ARchive) file.

BASIC authentication: the hotdotcom-internal application

• web.xml. Deployment descriptor for the hotdotcom-internal application.
• tomcat-users.xml. Tomcat-specific password file.
• index.jsp. Top-level home page.
• company-styles.css. Style sheet used by almost all JSP pages in the hotdotcom-internal application.
• financial-plan.html. Page that shows the company's financial plan. Available only to authenticated users in the employee or executive roles.
• business-plan.html. Page that shows the company's business plan. Available only to authenticated users in the executive role.
• RedirectorServlet.java. Servlet that simply redirects users to the Web application home page. Registered with the default servlet URL to prevent access to servlets through URLs that have no security settings.
• hotdotcom-internal.war. The entire hotdotcom-internal application bundled in a WAR (Web ARchive) file.

URLs Referenced in Chapter

• http://jakarta.apache.org/tomcat/tomcat-4.0-doc/realm-howto.html. Information on custom username/password schemes for Tomcat.
• http://www.allaire.com/documents/jr31/devapp.pdf. Information on custom username/password schemes for JRun. See Chapter 39.
• http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html. Information on configuring Tomcat to use SSL. Note that the instructions in the book are more up to date in a couple of areas.
• http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html. Documentation on keytool.

More Information

• J2EE training courses from the author. Available on-site at your company or at public venues.
  • Beginning/intermediate servlet and JSP training
  • Advanced servlet and JSP training
  • JSF (JavaServer Faces) training with Apache MyFaces, facelets, Tomahawk, and Ajax4jsf
  • Jakarta Struts training
  • Ajax and GWT training
  • Java 5 and 6 training
  • Customized training courses.
• Free online version of Core Servlets & JavaServer Pages. Complete text of book in PDF.
• Home page for Core Servlets and JavaServer Pages 2nd Edition (Vol 1). Includes the table of contents, index, sample chapters, source code archive, etc.
• Home Page for More Servlets and JavaServer Pages. Includes the table of contents, index, source code archive, etc.
• Free online version of More Servlets and JavaServer Pages.
• Servlet and JSP Programming Resources. Download sites, servers, IDEs, tutorials, books, job listings, and more.
• Tutorials and lecture notes on servlets, JSP, Struts, JSF, and Java 5. PDF version free for all. PowerPoint version free for qualified university instructors.
• Servlet and JSP programming resources. Specs, documentation, servers, IDEs, hosting providers, books, training, etc.
• Java Programming Resources. General resources on Java technology. Compilers, editors, IDEs, tutorials, books, user forums, and more.